Negotiated wireless peripheral systems

ABSTRACT

Methods, apparatus, and business techniques are disclosed for use in mobile network communication systems. A mobile unit such as a smart phone is preferably equipped with a wireless local area network connection and a wireless wide area network connection. The local area network connection is used to establish a position-dependent ecommerce network connection with a wireless product or service access device supplied by a vendor. A negotiation sequence is carried out to electronically contract the services of the negotiated wireless peripheral from the vendor using a prepaid ecommerce protocol. The negotiated wireless peripheral is a general product or service vending device and the mobile unit acts as a digital authentication and payment device with digital pre-paid payment capabilities. The techniques are useful in many applications to include ticketing and admission systems to events and other types of services that involve ticketing.

This application is a continuation-in-part of copending U.S. patent application Ser. No. 09/698,882, filed Oct. 27, 2000 and U.S. patent application Ser. No. 09/722,981, filed Nov. 27, 2000 by the same applicant.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates generally to mobile data network infrastructure methods and systems. More particularly, the invention relates to methods and systems that allow mobile devices to wirelessly contract for products and services that can result in a temporary expansion of mobile unit capabilities.

2. Description of the Related Art

Wireless networks have been evolving rapidly since the early 1980's when the first generation cellular telephone network was deployed. By this time the third generation network technologies are fairly well defined and initial deployments are beginning. Already, fourth generation systems are in the research phase. A key difference between the first generation systems and modem systems is the move from circuit switched analog technology to packet switched digital technology. While early cellular telephones were wireless versions of standard analog telephones, newer cellular and PCS (personal communication system) phones provide both voice and data channels. It is envisioned that in the future both the voice and data traffic will be carried by a unified packet switched network.

A key attribute of third generation (3G) cellular systems is their ability to handle data traffic. To the user, this means a cellular phone can provide Internet connectivity. A “smart phone” is a device that provides voice connectivity, data connectivity and computerized application programs such as those as offered by PDA (personal digital assistant) technology.

A key problem faced by smart phones is their limited user interface capabilities. Smart phones need to be compact in design. As such, a typical smart phone has a relatively small display surface and a telephone-sized keypad. While a smart phone may be able to provide wireless Internet capabilities, its limited display surface area precludes it from providing a full featured web browser as found on desktop systems. Some prior art systems use speech recognition and voice based operating system techniques to address the user interface size constraints imposed by smart phones. Still, voice based user interfaces are cumbersome in the way they control complex data entry and menu navigation requirements that arise in operating systems and application programs such as spread sheets.

Prior art systems understand the restricted user interface capabilities of smart phones and similar mobile devices. As such, various dialects of XML (extensible Markup Language) have been developed to allow content to be customized for interactive display on specific types of smart phones and other mobile devices. A variation of XML known as WML (Wireless Markup Language) includes language constructs (e.g., tag sets) that allow a server to deliver customized content to a mobile device made by a specific manufacturer and having a specific model number. This allows the content to be customized for the specific user interface configuration supplied by the mobile device.

In general, a device-specific user interface that involves a restricted display area and a fixed set of user interface buttons, such as those found on a smart phone or a PDA is called an “area-constrained user interface.” A user interface found on a desktop system such as a PC or workstations is called a “non-area-constrained user interface.”

Typically, systems with non-area constrained user interfaces involve a desktop user interface. For example, a desktop user interface is found on computer systems such as those running the Windows™ or X-Windows™ operating systems. In general, any graphical user interface that allows a user to make menu selections and/or icon selections in a non-area constrained environment can be thought of as a desktop interface. Typically, desktop interfaces use pointing devices such as mouse devices and also provide optional keyboard support. Some desktop user interfaces also provide speech recognition and voice based prompts.

It should be noted that different models of smart phones and other mobile devices will have different display surface sizes and shapes, and different sets of keys on different types of keypads (area-constrained). This is in contrast to desktop systems that can all be assumed to have a desktop sized monitor, a standard keyboard, and a mouse (non-area constrained). While WML and similar technologies can be used to specify how content should be delivered to a variety of smart phone devices, the display surface area and keypad surface area limitations remain. A smart phone is generally limited in its set of peripherals and therefore is incapable of providing the type of user interface that can be supplied by computer systems with full sized display surfaces, keyboards, and other devices such as pointing devices.

Other problems with existing technology include the unavailability of techniques and protocols to allow smart phones to use a wLAN (wireless local area network) connection or a wWAN (wireless wide area network) connection to contract with local entities to provide products and services. Enhanced systems and methods are lacking to allow a user of a mobile unit such as a smart phone to negotiate with a local wireless device and contract products and services therefrom.

Prior art systems have been developed to allow users to access their home or office applications while away on the road. For example companies like Oracle Inc. supply portal software. Portal software allows users to log into a computer system remotely and gain access to both standard web content interfaces and back office application interfaces. That is, a portal is an application server that provides an interface between remote network users and application programs running in an enterprise environment such as a home or an office. For example, using a portal, a remote worker could log into a portal server and access several application programs such as email programs and spreadsheets that run on a home or office computer. Still, while portal software is useful, in many cases the mobile user is restricted by a limited UI (user interface) such as the one provided by a smart phone. Smart phone UI's do not typically provide a display surface sufficient to support a full-scale desktop UI. This inhibits smart phone users from working with traditional desktop applications. It would be desirable to have an application server or portal that could supply the look and feel of a full home/office desktop system to smart phone users. It would be desirable for smart phone users to be able to use the smart phone to access a full-sized desktop UI. It would also be desirable for smart phone users to be able to use the limited smart phone UI when needed to support mobility.

It would be desirable to have a mobile unit that could provide a compact smart phone UI to a user, but could then be reconfigured to support a full desktop style UI so that the user could work on desktop applications while away from the home or office. For example, it would be desirable for a user of a smart phone who is waiting in an airport or staying in a hotel room to be able to walk up to a peripheral augmentation subsystem that supplies hardware support for a temporarily extended UI. It would be desirable for the smart phone to wirelessly negotiate with the peripheral augmentation subsystem to pay for services rendered using either a per-usage payment schedule or a by-subscription payment schedule. It would also be desirable to have a global desktop server that could be used to allow mobile users to see images of their desktop applications as though they were back at their home office. With the availability of such peripheral augmentation equipment, users could carry smart phones and enjoy all of the capabilities of full desktop systems when needed. It would further be desirable to have business methods to support the use of contracted peripherals and global desktop services. It would also be desirable to also provide a means for a mobile unit to set up position-dependent ecommerce sessions with wireless infrastructure vending devices that sell products and services beside negotiated wireless peripheral services.

SUMMARY OF THE INVENTION

The present invention solves these and other problems by providing systems and methods to enable a mobile unit to access an expanded set of peripherals. The present invention includes various aspects as outlined herein and in further detail in the detailed description.

A first aspect of the invention involves a negotiated wireless peripheral. The negotiated wireless peripheral is an access point that uses a short-range wireless transceiver to support a position-dependent ecommerce session with a mobile unit such as a smart phone. A position-dependent ecommerce session is a session that is negotiated between an access point and a mobile unit who agree upon a billing arrangement in order for the access point to provide a product and/or a service to the mobile unit. The negotiated wireless peripheral also includes a negotiation module coupled to the short-range wireless transceiver. The negotiation module is used to engage in a handshaking sequence with the mobile unit to establish the position-dependent ecommerce session. The negotiated wireless peripheral also incorporates a service module to supply a product or service such as a peripheral augmentation service to the mobile unit. A peripheral augmentation service allows an area-constrained user interface to be replaced with a non-area-constrained user interface such as the kind found on desktop systems. A contract module is used to negotiate a billing arrangement with the mobile unit for services rendered. Related methods practiced by the negotiated wireless peripheral are also taught.

Another aspect of the invention involves various architectures for mobile units who contract services from wireless negotiated peripheral devices. These mobile units also communicate with network servers such as application services and or telephony services. For example, a mobile unit communicates with an application server and augments its peripheral capabilities by contracting with a negotiated wireless peripheral. In an associated method, the mobile unit provides an operating system that supports an area-constrained user interface. For example, the mobile unit may correspond to a smart phone. The mobile unit communicates with a network server in accordance with a wireless wide area network (wWAN) protocol. The network server may be an application server or a telephony server, for example. The mobile unit also communicates with a negotiated wireless peripheral access point device and engages in a handshaking sequence with therewith to establish a position-dependent ecommerce session. The mobile unit next negotiates a billing arrangement with the negotiated wireless peripheral to contract for a product or service such as a peripheral augmentation service. The mobile unit then update a configuration definition to reconfigure itself to operate with the peripheral augmentation service. For example, if the mobile unit has an area-constrained user interface, the mobile unit plus the augmented peripheral service is able to operate a non-area constrained user interface as found on a desktop computer system.

Other aspects of the present invention center around application service provider (ASP) servers and related methods. The ASP server supplies application services to remote users such as network client devices, and more specifically, mobile units with area-constrained user interfaces. The ASP server performs server-side transactions with remote clients via a communications network such as the Internet and performs server-side computing functions in a client-server computing system. The ASP server delivers content customized according to the area-constrained user interface of the mobile unit, for example, using WML based content. The ASP server also maintains a parameter defining a mobile device peripheral-set configuration. The ASP server transmits content customized to the area-constrained user interface of the mobile unit. The ASP server later receives a mobile device peripheral-set reconfiguration message and subsequently transmits to the mobile unit content that customized for a non-area constrained user interface. In preferred embodiments, the ASP server is a stand-alone application server or is a portal to a home or office computer system (e.g., enterprise intranet). The ASP server allows mobile users to access their desktop applications as if they were in the office.

Another aspect of the invention involves methods of selling negotiated wireless peripheral services. In one such method, the selling is performed with the assistance of associates. A plurality of associates are enrolled into a federation using an on-line registration system. Associates indicate peripheral augmentation service provided the negotiated wireless peripheral devices that they supply to the federation. A network session is established between a management server and the negotiated wireless peripheral device provided by an associate. The negotiated peripheral device (or the management server acting on its behalf) receives a request to establish a position-dependent ecommerce session from a mobile unit. A billing arrangement is negotiated with the mobile unit to provide a peripheral augmentation service to the mobile unit, the service is provided, and the mobile unit is billed. The associate is then compensated.

The invention has other related aspects such as business methods, methods of selling tickets to events, methods of using negotiated wireless peripherals in Mobile IP networks, distributed object related methods, and methods of selling tickets to events, and methods of selling products, services, and electronic tokens. Each of these methods generally involves a mobile unit, a negotiated wireless peripheral, and one or more network servers. For further details, see the detailed description of the preferred embodiments.

BRIEF DESCRIPTION OF THE FIGURES

The various novel features of the present invention are illustrated in the figures listed below and described in the detailed description that follows.

FIG. 1 is a block diagram representing an embodiment of a system involving a mobile unit, a negotiated wireless peripheral, and various server systems attached to a network.

FIG. 2 is a block diagram illustrating an embodiment of a wireless negotiated peripheral.

FIG. 3 is a block diagram illustrating an implementation of a mobile unit designed to interface with negotiated wireless peripheral devices and network servers.

FIG. 4 is a block diagram of a network server or portal adapted for operation with mobile units that contract peripheral services with negotiated wireless peripheral devices.

FIG. 5 is a flow chart illustrating a method of processing carried out in a negotiated wireless-vending device such as a negotiated wireless peripheral.

FIG. 6 is a flow chart illustrating a method of processing carried out in a mobile unit adapted to interface with a negotiated wireless peripheral.

FIG. 7 is a flow chart illustrating a method of processing carried out in a network server adapted to interface with a mobile unit whose peripheral configuration can be augmented by contracting with a negotiated wireless peripheral.

FIG. 8 is a flow chart illustrating business methods and methods of processing used in networks incorporating negotiated wireless peripherals.

FIG. 9 is a flow chart illustrating methods for selling tickets and/or tokens using negotiated wireless vending techniques.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 is a block diagram representing an illustrative system embodiment 100 of a system configuration used to support the present invention. The system 100 includes a NWP (negotiated wireless peripheral) 105. The NWP 105 is coupled to a mobile unit 125. As is discussed in further detail hereinbelow, the NWP 105 can correspond to a peripheral device that can be temporarily attached to the mobile unit 125 on a negotiated contract basis. For example, the mobile unit 125 may be a smart phone with a limited UI. The NWP 105 may involve a full sized display monitor, a full sized keyboard, and a mouse-pointing device. The mobile unit 125 negotiates with the NWP 105 to contract its services. Once contracted, the NWP 105 acts as an extension to the mobile unit 125 and the mobile unit 125 can act as a full-featured desktop system. As is discussed below, the NWP 105 can also be configured to provide products and/or services other than peripheral augmentations. In such cases, the NWP 105 can be thought of as a wirelessly controlled vending device. In either case, the NWP 105 joins the mobile unit 125 in a session and provides some type of product, service or peripheral augmentation to the mobile unit 125.

In the system embodiment 100, the NWP optionally includes a WAN connection 110 to a WAN 115. The WAN connection 110 can be wireless, corresponding to a wWAN (wireless wide area network) connection or can involve a wireline connection (e.g., twisted pair, coaxial cable, or fiber optic). The WAN 115 typically corresponds to the Internet, but can also correspond to an enterprise wide WAN, a VPN (virtual private network), and/or a set of switched or leased lines (DS0, DS1, DS3, ISDN, etc.) through a PSTN (public switched telephone network). In the system embodiment 100, the NWP also optionally includes a wLAN (wireless local area network) connection 120 for coupling to the mobile unit 125. The NWP preferably includes both the wWAN connection 110 and the wLAN connection 120, but in some embodiments the NWP may include only one or the other.

Also connected to the WAN 115 is an ASP (applications service provider) server 135, an NWP management server 140, an optional home/office computer system 145, and an telephony server 150. In some embodiments, only a subset of the servers 135, 140, 145 and 150 may be present.

As discussed in more detail below, the ASP server 135 (more generally called an “application server”) preferably supplies global desktop services and optionally other application and file system services to the mobile unit 125. The NWP 105 preferably interacts with the NWP management server 140 (more generally called a “management server”). In such embodiments, the NWP management server 140 generally serves to control an installed base of NWP access points. For example, when the NWP 105 negotiates with the mobile unit 125 to supply a product or service, the NWP 105 uses the NWP management server 140 as a user/payment-authentication resource, a billing server, and as a record keeping server. Specific examples illustrating how the NWP 105 the NWP management server 140 interact are discussed below. In some embodiments, the NWP 105 does not interact with a server at all, but accepts digital debit payment directly from the mobile unit. However, in most of the envisioned embodiments, the NWP 105 is coupled to the NWP management server 140 and interacts therewith. In some embodiments, the ASP server 135 and the NWP management server 140 can be collocated and merged. For example, a company that supplies global desktop application services from the ASP server 135 can be the same company that manages the installed base of NWP devices from the NWP management server 140.

The computer system 145 represents a home computer, an office computer, or an enterprise computer system (e.g., an intranet or a VPN-defined subnetwork of an intranet). For example, the computer system 145 may involve a personal computer configured to provide server capabilities, or may involve a network comprising one or more PC's workstations and dedicated network servers. In either case, the computer system 145 can be used to supply desktop files and/or applications to the mobile unit 125. For example, these applications can include standard web-browser controlled applications or standard back-office computing applications. A portal software module as known in the art is used to allow the computer system 145 to make applications and files accessible to remote users. Portals enable the user of the mobile unit 125 to be able to work on applications such as back-office and desktop applications while away from the home or office.

In some embodiments, the ASP server 135 is used to host applications and files for clients (e.g., home or enterprise clients). In such embodiments, the ASP server 135 offloads the application processing from its ASP customers. The ASP customers are client devices and the ASP server is a server device. The clients and the server engage in client-server computing transactions as are known in the art. That is, a server delivers application services to a client in a client-server application session. The client-server application session typically is implemented at the application layer but can be implemented at other layers as well. Mobile client devices are typically limited by their area-constrained user interface capabilities. The ASP server 135 is also preferably is coupled to storage media, for example to a storage area network to support client file systems. Clients to the ASP server 135 act much like terminals and the ASP server 135 acts much like a network mainframe computer. One advantage of such as configuration is that customers to the ASP server 135 can access their applications from anywhere reachable from the WAN 115. This generally provides global accessibility to applications and related data. In accordance with an aspect of the present invention, the ASP server 135 provides a global desktop user interface to users. This interface allows a user to work from a client computer attached to the WAN as though he or she were working on a home office computer to include a computer system in the back office. The UI (user interface) as designed in accordance with an aspect of the present invention looks much like a standard UI of an operating system such as Windows™ or X-Windows™, for example. In this type of inventive system, the ASP 135 supplies a global desktop interface to users and this interface can be reached from a smart phone that has its peripheral set temporarily expanded by the NWP 105. When the user of the smart phone is on the road and is away from an NWP 105, the ASP server 135 supplies a limited UI customized to the hardware of the mobile unit 125.

The same basic functionality supplied by the ASP server 135 can be supplied by coupling a portal software module to the home/office computer 145. For example, consider the case where the computer system 145 corresponds to a subnetwork of computers connected together via an enterprise intranet. In this case the portal software module can be supplied to allow mobile workers to access the applications on the enterprise intranet from remote access points via the WAN 115. The portal is responsible for user authentication and access control. Similarly, the portal is responsible for supplying the same type of global-desktop UI capabilities as supplied by the ASP server 135. In some systems, for security reasons, firewall technology may be used to prohibit external access to certain data repositories and applications.

In some embodiments, enterprises may use a combination of the computer system 145 with a portal and an external ASP 135. In such embodiments, user can log into the ASP server 135 for as first set of applications and to the portal of the computer system 145 for a second set of files and applications. Likewise, either the ASP server 135 or the computer system 145 can execute a software module that conglomerates the two sources of files and applications to provide a unified interface. Optionally, the user may selectively elect to see the user interface of only the ASP 135, the computer system 145 or the merged set. Hence the present invention contemplates merging applications and file systems from different computer resources available from the WAN 115 to supply a unified interface to a user. As an example, the global desktop may include certain applications from the ASP 135 and an email application from the computer system 145 or an external email resource such as AOL™ (America on-line). In such cases, RDF (resource description framework) files may be used to describe a user's desktop UI where different windows and applications are aggregated from different network addresses. For further details of how to implement such embodiments, see the documentation of Mozilla™ based browsers and the RDF standards.

While global desktop applications have been discussed, it should be appreciated that other types of application programs beside desktop applications can be supported by the system 100. For example, the NWP 105 can supply a video conferencing UI or a video on demand UI for entertainment purposes. In general, the NWP 105 can contract to supply products and services to the mobile unit 125. In a more general embodiment, the mobile unit 125 acts as a digital authentication and payment device, while the NWP acts as a product and/or service-vending device.

The telephony server 150 can involve an Internet telephony server (e.g., SIP—session initiation protocol) or a cellular network such as a 3G (or 4G, 5G, . . . ) system. The WAN 115 can be thought of as encompassing any or all of the Internet, any attached intranets, cellular networks, and the PSTN. Communication between servers and other devices in the system 100 may involve any of these communication means or other means such as satellite based networks. More details regarding the operation of the system 100 is discussed in connection with FIGS. 2-10.

An embodiment of the NWP 105 is illustrated in block diagram form in FIG. 2. The NWP 105 is illustrated as a hardware/software block diagram whereby certain blocks involve hardware and software, and other blocks represent software modules. This type of block diagram is also used in FIGS. 3 and 4. It is to be understood that the software modules exist in software, and in the physical embodiment the software is typically coded into a memory device that is coupled to a processor according to a Von Neumann architecture as is well known in the art. Other hardware architectures such as distributed multiprocessor architectures, programmable gate array architectures or other hardwired (possibly reconfigurable) architectures can be used to implement the hardware/software apparatus as taught in FIGS. 2-4 without departing from the scope of the present invention.

A preferred embodiment of the NWP 105 includes a wLAN transceiver 205 to support the wLAN connection 120. In addition, the preferred embodiment preferably includes a WAN transceiver 210 to support the WAN connection 110. The WAN transceiver 210 may involve, for example, a WCDMA connection (wWAN) or a wireline connection such as a fiber optic connection, a T1 line, an ISDN line, an xDSL connection, or a V.90 modem. In specific embodiments, the NWP 105 may be implemented with one or both of the transceivers 205, 210. The transceiver 205 and the transceiver 210 each support at least one lower layer of a protocol stack and are each connected to a software module 215 that implements at least one upper layer of a protocol stack. Depending on the embodiment, the software module 215 may implement one or more upper layers for either one or two protocol stacks. For example, separate protocol stacks may be used for the wLAN 205 and the WAN 210, or the same set of upper layers may be shared among the wLAN 205 and the WAN 210. Also, in some embodiments the software module 215 may be implemented as separate modules that are integrated into the transceivers 205 and 210. In either case, both the transceivers 205 and 210 are controlled by a protocol stack. In an exemplary embodiment, the wLAN transceiver implements one of Bluetooth™, HiperLAN™, IEEE 802.11, DECT™, or HomeRF™ at the lower layers and possibly TCP/IP and/or WAP™ at the upper layers. Meanwhile, in this example, the WAN transceiver implements 3G WCDMA or a wireline protocol (e.g., xDSL) at the lower layers and TCP/IP at the upper layers.

Coupled to the protocol stack upper layers is a negotiation module 220. The negotiation module 220 can be implemented at various software layers and is preferably implemented at a session layer or an application layer. It is recognized that different communication protocols use different types of protocol stacks with different types of protocol layer definitions. The appropriate layer at which the negotiation module 220 is implemented is thus dependent on the protocol stack used and the overall software design of a given embodiment. Also, as is understood by skilled artisans, the negotiation module 220 can be implemented as a sublayer or as a shim between protocol stack layers. As is discussed in further detail below, the negotiation module 220 is responsible for negotiating the use of a position-dependent ecommerce session between the NWP 105 and the mobile unit 125. Position-dependent ecommerce sessions are also defined in greater detail below.

In the embodiment shown, coupled to the negotiation module 220 is an authorization module 225, a contract module 235, an authorization list 230, a billing module 240 and a services module 245. While the interconnection of these modules is shown as a star topology whose root is the negotiation module, these modules can communicate in other ways, for example any of the illustrated software modules could communicate with one another via function calls, shared memory messaging, operating system messages, or direct hardware connections in a specific embodiment. For example, in one embodiment the authorization module 225 directly accesses the authorization list 230. Hence it is to be understood that the illustrative star-interconnection topology can be modified in specific embodiments without departing from the scope of the present invention.

It should also be noted that in some embodiments, some or all of the modules 220, 225, 230, 235, 240 and 245 may be missing. This is because embodiments that make use of the WAN connection 110 can implement various software modules in the NWP management server 140. In such cases, the WAN connection 110 is used to communicate with the NWP management server 140 and some or all of the modules 220-245 are implemented in the NWP management server 140.

Not shown in the NWP 105, but present in some embodiments, is a multiplexer. The multiplexer may be implemented at or between any of the layers of the protocol stack 215. The multiplexer is used to allow a plurality of NWP's to share network resources such as the wLAN transceiver 205 and/or the WAN transceiver 210. In such embodiments, the wLAN and/or WAN connections are shared among a plurality of service modules 245. The negotiation module 220 and its associated resources may also be shared. In such embodiments, only the services module 245 needs to be replicated. For example, in an airport, a set of NWP terminals may be provided in a waiting area to allow travelers to access their desktop applications. While the travelers may see twenty NWP access points, using the multiplexer, all of these access points may share one or more wLAN connections and a single WAN connection.

As used herein, the term “position-dependent ecommerce session” carries a specific meaning. Firstly, a position-dependent ecommerce session is position dependent. That is, the NWP 105 and the mobile unit 125 must be geographically collocated into a geographical vicinity, for example zero to one hundred feet. In many cases the geographical vicinity will be smaller, for example zero to ten or twenty feet. When wLAN technologies are involved, the size of the geographical vicinity is generally determined by the range of the wLAN technology. Also, the position-dependent ecommerce session involves an admission protocol involving one or more admission rules. A position-dependent ecommerce session is open to any station that enters the geographic vicinity, performs session set-up negotiation handshaking using the admission protocol, and satisfies the admission rules. In a position-dependent ecommerce session, a first network entity offers a product or service for sale and a second network entity uses the admission protocol to handshake with the first network entity to enter into a negotiated contract to be able to purchase the product or service from the first network entity. In one example, the admission policy involves the second entity sending a digital debit instrument (digital cash, digital check, or digital debit card), to the first entity. Similarly, the second entity can perform a credit card transaction with the first entity. Also, the second entity can authenticate itself as an account holder for the products and/or services offered by the first entity. When the first and second network entities part ways and are no longer both within the same geographical vicinity, the position-dependent ecommerce session is disconnected. Alternatively, either entity can cause the session to be ended prematurely.

While a common type of position-dependent ecommerce session is established via the wLAN connection 120, in a different type of embodiment, the position-dependent ecommerce session can be established via the WAN 115. For example, in one type of embodiment the mobile unit 125 can be implemented to include GPS receiver. Similarly, the GPS receiver might be augmented with a local positioning system (LPS) receiver to process local pseudo-satellite-like signals that allow the mobile unit to know a precise indoor location, for example. In general, the mobile unit 125 may be capable of determining its geographical position relative to reference locations. In such systems, the mobile unit couples an indication of its current position (e.g., GPS coordinates) to the NWP management server 140. The NWP management server 140 then acts as a proxy for a position-dependent ecommerce session between the mobile unit 125 and the NWP 105 access point in the immediate vicinity of the mobile unit 125. In similar embodiments, the NWP management server 140 provides parameters to the mobile unit 125 so that it can engage in a direct position-dependent ecommerce session with the NWP 105 via the WAN 115.

Position-dependent ecommerce sessions can also be set up with user intervention. In such embodiments, the NWP management server 140 offers a web-site style interface to users. Preferably the offered web-site style interface is implemented to customize content for various types of mobile clients devices. For example, the web-site style interface is written in a markup language such as WML. In such embodiments, the web-site style interface provides a dialog window to allow a user to enter an NWP identification code. The NWP identification code made visible on the NWP 105 so that a user can read the NWP identification code when the user is standing in front of the NWP 105. The user enters the identification code, and then the NWP management server 140 activates a link to allow the mobile unit 125 to communicate with the NWP 105 whose identification code was entered. This visual technique allows the mobile unit 125 and the NWP 105 to initiate a position-dependent ecommerce session without the need for a wLAN connection or a positioning device such as a GPS receiver. In a similar embodiment, the NWP 105 can display a URI or URL that can be entered directly into the mobile unit 125's UI in order to create a connection with the NWP 105. Note that the NWP identification code, URL or URI can be physically printed onto the NWP 105 or can be electronically displayed on a display surface provided by the NWP 105.

In operation, the mobile unit 125 and the NWP 105 establish a position-dependent ecommerce session. The mobile unit 125 engages in the admission protocol and is then able to access products and/or services from the NWP 105. The NWP management server 140 supports the NWP by keeping user account information and/or managing digital debit and/or credit card transactions. In some cases the mobile unit 125 uses the NWP 105 to access other services such as those provided by the ASP server 135.

In one type of embodiment, the NWP 105 acts as a peripheral augmentation module for the mobile unit 125. In this exemplary embodiment, the mobile unit 125 and the NWP 105 establish a position-dependent ecommerce session via the wLAN connection 120. In order to establish the position-dependent ecommerce session, the NWP 105 receives an admission request from the mobile unit 125. The negotiation module 220 processes the admission request. The negotiation module 220 usually interacts with the NWP management server 140 who then supplies information needed to implement the position-dependent ecommerce session's admission protocol.

For example the mobile unit 125 supplies a digital debit instrument (digital cash or digital check or digital debit card), a credit card number, or a subscriber account number as a part of the admission protocol. The authorization module 225 either accepts the digital debit or uses the wWAN connection 110 to verify the credit card number or account number. Even when digital debit is used, the authorization module preferably interacts with the NWP management server 140 to have the digital debit authenticated. The optional authorization list 230 is consulted in the case the NWP 105 has local accounts, but in most cases the authorization module performs a WAN transaction with the NWP management server 140 to determine whether the mobile 125 has an account with the NWP management system. Depending on a set of parameters associated with the user, the contract module 235 sets a rate for services. For example the services may cost different amounts at different times of day, or there may be different rates set depending on whether digital debit, credit card, or an existing subscriber account contract is used for payment. In some embodiments the contract module 235 may elect to not charge any direct user fees. This might occur, for example in a restaurant that may provide free NWP 105 services to encourage customers to come in. Also, the contract module may be implemented as a part of the NWP management server 140. Different embodiments split the NWP admission and billing related processing between the NWP 105 and the NWP management server 140 in different ways.

Once the negotiation module 220 has granted the mobile unit 125 access, the services module 245 is activated. The services module 245 provides a product or service to the mobile unit 125. For example, the NWP 105 provides a peripheral augmentation service that provides access to the use of a full sized display monitor, a full sized computer keyboard, and a mouse pointing device. In this embodiment, the services module 245 activates the I/O devices by redirecting I/O streams to the mobile unit 125 via the wLAN connection 120. In embodiments where the wLAN connection 120 does not exist, the I/O streams are redirected to the mobile unit 125 via the WAN 115. In either case, the mobile unit 125 is able to temporarily function as a full desktop system. The NWP 105 may alternatively augment the peripheral set in other ways, for example it can supply a power connector to provide power to and/or recharge the mobile unit. In many cases, the mobile unit will redirect input/output streams from an indigenous, area-constrained peripheral to the augmented peripheral supplied by the NWP 105.

To continue with this example, the ASP server 135 provides a virtual desktop UI with the user's set of application programs and user files available as icons using the extended peripheral hardware supplied by the NWP 105. Another service that can be provided by the NWP 105 in this type of embodiment is WAN-traffic offloading. In embodiments involving a WAN-traffic off loading, the mobile unit 125's WAN connection is redirected through the NWP 105. This is useful mainly in cases where the NWP 105's WAN connection 110 involves a wireline connection. The NWP 105 is often able to supply WAN access to the mobile unit 125 at a lower cost than the wWAN connection provided by the cellular carrier (e.g., WCDMA carrier usage fees are higher than direct wired Internet usage fees).

In some embodiments, distributed object technology can be used to implement various NWP services. Distributed object technology allows object-oriented classes to be defined that include a remote object and a stub object (also known as a “proxy object”). The remote object implements one or more services and a communication protocol to communicate with the stub object. The stub provides the client with a set of application programmer's interface functions (called an “interface” in object-oriented programming terminology) to call functions (i.e., “invoke methods”). When a method is invoked on the stub, a remote procedure call and a set of parameters are marshaled into a message and sent across a communication channel to the remote object. The server-side remote object then receives the message, unmarshals the parameters, invokes the corresponding method on behalf of the stub object using the remote object, marshals a set of results into a message, and sends the message back to the stub object.

In accordance with an aspect of the present invention, distributed objects are defined having a stub object and a remote object residing on opposite ends of a position-dependent ecommerce session. For example, once the position-dependent ecommerce session is established and a service is contracted, the NWP 105 instantiates a remote object and sends a representation of a stub object to the mobile unit 125. The mobile unit 125 then uses a standard set of object-oriented interfaces to invoke methods (i.e., function calls) on the stub object. The stub object marshals the invocation and sends a message to the remote object residing in the NWP 105. The NWP 105 then invokes a corresponding method in the remote object in order to provide the service to the mobile unit 125. For example, the mobile unit writes to a display monitor by invoking a stub method, and the stub method marshals the method invocation and sends it to the remote object. Then the remote object executes a method to case the display monitor in the NWP 105 to be written. In general, the present invention contemplates the use of distributed objects to be set up between the NWP 105 and the mobile unit 125 to support the delivery of services to the mobile unit 125. In some cases distributed objects may also be set up between the NWP 105 and the NWP management server 140, and/or between the mobile unit 125 and the NWP management server 140.

In the case of WAN offloading, the NWP 105 sends a stub object to the mobile unit 125. The mobile unit 125 then overloads some of its protocol stack service access point methods with the methods defined over the stub object. When the mobile unit executes its WAN-based communication routines, the stub methods cause messages to be sent to the remote object in the NWP 105 via the wLAN 120 instead of being sent to the lower layers of the wWAN transceiver 310. The remote object in the NWP 105 then routes the traffic using its WAN transceiver 210. This type of redirection allows the NWP 105 to provide lower cost WAN access than can be provided by the wWAN transceiver 310. For example, a fiber-based implementation of the WAN transceiver 210 can pass traffic more economically than a 3G WCDMA transceiver in most cases.

It should be noted that the NWP 105 can be used for applications other than supplying an augmented set of peripherals and possibly a lower cost WAN connection to a mobile unit. In other embodiments, the service module 245 can provide vending capabilities to provide products and services to the mobile unit 125. In such embodiments, the NWP 105 acts like a digital vending machine and the mobile unit 125 acts as a digital authentication and payment device. The mobile unit negotiates and authenticates itself, usually with the assistance of the NWP management server 140. Once authenticated and authorized, a position-dependent ecommerce session is initiated between the mobile unit 125 and the NWP 105. The service module 245 is then used to supply the mobile unit 125 access to a product or service. Examples and further details of general vending capabilities are discussed in connection with FIGS. 5, 8 and 9.

Referring now to FIG. 3, an embodiment of the mobile unit 125 is illustrated in block diagram form. The block diagram involves a hardware/software system. The hardware architecture used to support such a system is substantially the same as discussed in connection with to FIG. 2. A preferred embodiment of the mobile unit 125 preferably includes a wLAN transceiver 305 to support the wLAN connection 120. In addition, the preferred embodiment preferably includes a wWAN transceiver 310 to support a wireless connection (e.g., satellite, 2.5G cellular, 3G WCDMA cellular, or later generation cellular). In some specific embodiments, the mobile unit 125 may be implemented with only one or the other of the transceivers 305, 310. The transceiver 305 and the transceiver 310 each support at least one lower layer of a protocol stack and are each connected to a software module 315 that implements at least one upper layer of a protocol stack. Depending on the embodiment, the software module 315 may implement one or more upper layers for either one or two protocol stacks. For example, separate protocol stacks may be used for the wLAN transceiver 305 and the wWAN transceiver 310, or the same set of upper layers may be shared among the wLAN transceiver 305 and the wWAN transceiver 310. Also, in some embodiments the software module 315 may be implemented as separate modules that are integrated into the transceivers 305 and 310. In any case, each of the transceivers 305 and 310 are controlled by a protocol stack. In an exemplary embodiment, the wLAN transceiver implements one of Bluetooth™, HiperLAN™, IEEE 802.11, DECT™, or HomeRF™ at the lower layers and possibly TCP/IP and/or WAP™ at the upper layers.

Coupled to the protocol stack upper layers is a negotiation module 320. The negotiation module 320 can be implemented at various software layers similarly to the negotiation module 220 as discussed in connection with FIG. 2. The negotiation module 320 is responsible for negotiating the use of a position-dependent ecommerce session between the mobile unit 125 and the NWP 105.

In the embodiment shown, coupled to the negotiation module 320 is a contract module 325, and a reconfiguration module 330. While the interconnection of these modules is shown as a star topology whose root is the negotiation module 320, these modules can communicate in other ways. For example any of the illustrated software modules could communicate with one another via function calls, shared memory messaging, operating system messages, or direct hardware connections in a specific embodiment. Also, in some embodiments the negotiation module 320 may interact with a server side entity such as the NWP management server 140 who in this case manages a customer account related to services provided by the NWP 105.

The mobile unit 125 also includes an OS (operating system) 335. The OS 335 provides a UI (user interface) to the user via a display screen and possibly a voice enabled operating system interface. To the OS 335 is coupled a set of one or more application programs 340. The application programs 340 access the OS 335 for services such as input and output. The OS 335 is also coupled via a NIM (network interface module) to the upper layers of the protocol stack 315. For example, in a preferred embodiment, the NIM translates socket service method invocations into transport level messages for use by the protocol stack upper layers 315.

In operation, the mobile unit 125 establishes a position-dependent ecommerce session with the NWP 105 using the wLAN connection 120. In embodiments where no wLAN connection is present, session between the mobile unit 125 and the NWP 125 is established via the WAN 115 as discussed in connection with FIG. 2. The mobile unit 125 sends a transmission to the NWP 105 requesting the position-dependent ecommerce session. The negotiation module 320 communicates with the negotiation module 220 in order to establish the session. The contract module 325 is used to supply user authentication parameters or to support a digital debit or a credit card transaction. In some instances no charge may be assessed. In such cases the contract module may still be asked to supply user identification data such as a digital signature or certificate.

The contract module 325 and the negotiation module 320 allow the mobile unit 125 to negotiate and contract to establish admission to a position-dependent ecommerce session. The contract module 325 and the negotiation module 320 allow the mobile unit 125 to act as a digital authentication and payment device. For example, if the NWP 105 comprises a vending machine, the contract module 325 can be used to purchase a candy bar or a soft drink, and payment can be made by digital debit, a credit card transaction, or a charge to a user account.

Returning to applications where the NWP 105 supplies peripheral device extension services, once the negotiation module has negotiated a position-dependent ecommerce session and contracted for peripheral augmentations, notification is delivered to the reconfiguration module 330. The reconfiguration module involves software and/or a data structure that causes a device registry with the OS 335 to be modified. A device registry is a data structure or process that identifies a set of peripheral devices and/or device drivers that are in current use by the OS 335. In some embodiments, a device reconfiguration message is coupled to the one or more of the application programs 340. In other embodiments, a reconfiguration message is coupled from the OS 335 via the NIM 345 and the protocol stack 315, 310 to the ASP server 135. In either case, a peripheral-device-reconfiguration message is coupled either from the OS 335 or the application program 340 to the ASP server 135. This message notifies the ASP server 135 that an augmented (possibly changed or added to) set of peripherals are available to the mobile unit and subsequent content should be customized accordingly.

The peripheral-device-reconfiguration message allows the ASP server 135 to customize content for the mobile unit 125 given its modified set of peripherals. When the position-dependent ecommerce session is terminated, another peripheral-device-reconfiguration message is sent to allow the ASP server 135 to once again customize content for the mobile unit 125 given its original set of peripherals. For example, the mobile unit 125 is temporarily coupled to the NWP 105 and the mobile unit 125 is then reconfigured as a full desktop system. FIGS. 5-9 describe in greater detail some exemplary coordinated operations involving the mobile unit 125 and the NWP 105.

In some embodiments, the user may connect their own folding keyboard, an extension monitor display device, and a mouse, to an otherwise area-constrained device. In such cases, ASP server 135 can be configured and operated to practice the same basic methods as described herein in order to reconfigure the content to be customized for the augmented set of non-area constrained peripherals.

In some embodiments software radio techniques may be employed. For example, the lower layer protocols of the wLAN may be software defined and vary from NWP to NWP or from region to region. To maintain flexibility in such situations, a standardized ping message may be transmitted via the wLAN 305, possibly at a set frequency or via an IR link. Optionally the ping can be sent via the wWAN using GPS coordinates, local positioning information, or user entered information such as an NWP identification code, URI or URL read off of the NWP. This allows the NWP management server to download an appropriate software radio definition to the mobile unit 125. The downloaded software radio definition may include software modules or pointers to a table of software protocol routines already loaded into the mobile unit 125. In either case, the mobile unit 125 executes the identified lower layers in order to communicate via the wLAN. Software radio techniques can also be used to reconfigure the wWAN transceiver 310 when traveling into different WAN system areas. The methods and systems described in this application can be merged and applied along with the methods and systems of the CIP-parent applications, i.e., U.S. patent application Ser. No. 09/698,882, filed Oct. 27, 2000 and U.S. patent application Ser. No. 09/722,981, filed Nov. 27, 2000 which are hereby are incorporated herein by reference. The mobile unit 125, NWP's 105 and the servers 135 and 140 of the present application may be used to embody the hardware and software techniques taught in the incorporated-by reference parent CIP applications. In some preferred embodiments, the NWP's 105 of the present invention support software radio extension features and IP-telephony gateway features as taught in the parent applications. Any blocks or steps taught in the parent applications can be added to the block diagrams or flow charts of the present application. In addition to other features, the NWP's 105 of the present invention adds new features such as generalized vending and peripheral augmentation capabilities to the access points in the parent applications. The methods 500-900 can also be augmented with the teachings of the parent applications, where applicable.

FIG. 4 illustrates an embodiment of the ASP server 135. The ASP server 135 includes a WAN interface 405. The WAN interface 405 can involve a LAN connection that is interconnected to a WAN, or a direct WAN interface. In most embodiments the physical layer of the WAN interface involves a wireline connection such as a fiber, a phone line, or an xDSL line. In some embodiments, the physical layer may involve a wireless interface, for example a WCDMA cellular link or a satellite link. In the embodiment shown, the WAN transceiver includes the upper layers of the protocol stack, but it is understood that these upper layers can also be provided by the operating system (not shown) and/or the application programs running on the ASP server 135's hardware.

Coupled to an upper layer of the WAN interface 405 is a session control module 410. The session control module implements user authentication and access control processing. Also coupled to an upper layer of the WAN interface 405 is an application module 425. The application module 425 is coupled to a storage system 430 comprising semiconductor memory and/or disk storage memory. In some embodiments, the storage system 430 is coupled to storage areas involving a user state 435. Also coupled to the application module 425 is a mobile device configuration module 415. The mobile device configuration module keeps a record of the peripheral device types associated with a client device such as the mobile unit 125. The mobile device configuration module is coupled to the storage area 430 and is used to store the current device configuration of the client device.

Also coupled to the mobile device configuration module 415 is a mobile device reconfiguration module 420. The mobile device configuration module 415 and the mobile device reconfiguration module 420 are both coupled to the session control module 410. In some embodiments, the mobile device configuration module 415 and the mobile device reconfiguration module 420 are implemented as a single configuration/reconfiguration software module. The ASP server 135 can be implemented as a local or a remote portal to the computer system 145. In such embodiments, the application 425 and part of the storage system 430 can be located in the computer system 145.

In operation, the ASP server 135 provides device-customized content to mobile devices. For example, the ASP server 135 may implement XML and/or WML features that allow content to be customized for interactive display on specific mobile units corresponding to specified models of mobile units produced by specific manufactures. Such devices generally only have hardware support for area-constrained user interfaces. When the mobile unit contracts with the NWP 105, the ASP server 135 modifies the way content is delivered to the mobile unit 125 in order to accommodate the services provided by the NWP 105. For example, the mobile unit 125 and the NWP 105 become coupled together via a position-dependent ecommerce session, the peripheral configuration of the mobile unit is updated, I/O streams are redirected from the mobile unit 125 through the NWP 105, and the combination of the mobile unit 125 and the NWP 105 is able to provide a non-area constrained user interface to the user of the mobile unit 125.

In an exemplary embodiment, the ASP server 135 provides a set of desktop applications to a user. As an example, these desktop applications involve a set of application programs as would be loaded onto a desktop computer running the a Windows™ operating system. Depending on the current mobile device configuration, the ASP server 135 delivers content customized to the mobile unit 125's indigenous peripheral set or to an augmented peripheral set as augmented by the NWP 105. When the mobile unit 125 contracts with the NWP 105 to receive a full set of desktop peripherals, a peripheral-state reconfiguration message is sent to the ASP 135 in order to allow content to be customized for the reconfigured set of peripherals.

Any of the systems of FIGS. 1-4 or the methods of FIGS. 5-9 can be implemented using mobile Internet protocol (Mobile IP) technologies. Mobile IP is currently defined in RFC2002, RFC2003, RFC2004, RFC2005, and RFC2006. Related tunneling RFC1701 and management RFC1905 techniques are commonly used with Mobile IP systems. As is presently discussed, the present invention is compatible with the current Mobile IP technologies and the same concepts are expected to apply when future releases of the Mobile IP standards become available.

With the present invention, and in accordance with Mobile IP technologies, a NWP 105 can be configured as a Mobile IP “foreign agent.” Meanwhile, the mobile unit 125 can be configured as a Mobile IP “mobile node” that can change its point of attachment to the Internet from one link to another while maintaining any ongoing communications using its permanent IP (internet protocol) “home address.” In mobile IP systems, associated with the mobile unit is a “home agent.” The home agent is a router with a link on the mobile node's “home link.” The mobile node keeps the home agent informed of the mobile node's current location. For example, the mobile unit 125 can correspond to a 3G cellular smart phone with voice and data services. In this example the telephony server 150 is operated by a WCDMA carrier and acts as the home agent. In other examples, the telephony server 150 can be considered to be a home agent other than a WCDMA carrier, but for the present discussion, assume the home agent is the WCDMA carrier that supplies voice and data services to the mobile unit 125. The home agent receives packets sent to the mobile IP address associated with the mobile unit 125 and tunnels them to the mobile unit 125 when the mobile unit 125 currently connected to the Internet via a foreign agent. The foreign agent sends a message to the home agent when the mobile unit registers with the foreign agent so that the home agent can route packets to the foreign agent in care of the mobile unit 125. This paradigm provides for seamless roaming between homogeneous and heterogeneous networks (networks that respectively use the same or different air interface protocols).

In accordance with the present invention, the NWP 105 periodically sends out Mobile IP “agent advertisement messages” using the wLAN transceiver 205. The mobile unit 125 is initially provided Mobile IP services by its home agent, for example the telephony server 150 corresponding to a 3G WCDMA carrier (or for example a 2.5G GPRS or EDGE carrier, or a 4G carrier in future systems). The mobile unit 125 maintains its always-available IP connection with the server 150. Also, the mobile unit 125 monitors the wLAN connection to listen for agent advertisement messages. When the mobile unit needs to access the Internet (WAN 115 in general), it receives a cost parameter from the NWP 105 and compares the cost to the cost for WAN services offered by the telephony server 150. If the NWP service cost is lower, the mobile unit 125 and the NWP 105 establish a position-dependent ecommerce session and the mobile unit changes its point of attachment to the WAN 115 by selecting the NWP 10S to be its foreign agent. In this case the NWP provides a lower cost WAN traffic bearer service to the mobile unit 125.

In alternative embodiments, the mobile unit can establish the position-dependent ecommerce session using other means than receiving the agent advertising messages. For example any of the aforementioned methods used to initiate the establishment of a position-dependent ecommerce session can be used to initiate a foreign-agent session with the NWP 105. These alternative methods of session initiation may be desirable to conserve power to allow the wLAN transceiver to be powered down. In general, Mobile IP technology can be used with any of the systems and methods taught herein to provide seamless roaming between NWP providers and larger carrier providers. For example, a voice telephone call could be implemented using voice-over-Internet technology and the aforementioned methods could be used to reroute the call to an NWP access point.

For example, in a mobile unit, a method of least-cost packet routing involves a mobile unit that receives a mobile IP home agent advertisement from a wWAN carrier such as the server 150. The mobile unit registers with the home agent. Traffic that is sent to the mobile IP address associated with the mobile unit is thereby directed to the mobile unit via a link between the mobile unit 125 and the telephony server 150, e.g., via the wWAN transceiver 310. Next the mobile unit 125 receives a mobile IP foreign agent advertisement from the NWP 105 via the wLAN transceiver 305. The mobile unit 125 then compares a monetary cost associated with traffic bearer services provided by both the wWAN carrier (e.g., 150) and wLAN access point (NWP 105). If the bearer service cost associated with the NWP 105 wLAN is lower, the mobile unit registers with the NWP 105 to cause the network attachment point associated with the mobile unit's mobile IP address to be reassociated with the NWP 105. That is, the NWP 105 becomes the foreign agent of the mobile unit 105, and the mobile unit 125 compensates the NWP 105 by establishing a position-dependent ecommerce session and providing payment using any of the payment methods as discussed in connection with previous and subsequent methods.

Referring now to FIG. 5, a method 500 is illustrated in block diagram form. The method 500 is practiced by the NWP 105 or a similar device. First the NWP 105 establishes communication with the mobile unit 125 (505). The communication may be established via the wLAN link 120. As previously discussed, in some embodiments initial communication is established via the WAN 115.

Once initial communication has been established, a handshaking sequence is executed (510) with the mobile unit 125 to establish a position-dependent ecommerce session. The position-dependent ecommerce session is established according to any of the previously discussed procedures involving the wLAN connection 120 or the WAN 115. Various types of user authentication and session encryption (e.g., IPSEC, VPN, and certificate authority-based techniques) are preferably used to secure the link between the NWP 105 and the mobile unit 125.

Next a billing arrangement is negotiated (515) with the mobile unit 125. The mobile unit 125 typically supplies digital debit, a credit card account, a debit account, or a customer account number to set up the billing associated with the position-dependent ecommerce session. As noted hereinabove, in some instances the NWP services may be provided free of charge, for example to entice a customer to patronize to a restaurant or hotel. In such cases the billing 515 involves no-charges.

Once the session is established and the billing has been authorized, the NWP 105 supplies at least one product and/or service to the mobile unit 125 (520). As discussed previously, the NWP can act as a wirelessly controlled vending machine whereby the mobile unit 125 acts as a digital authentication and payment device that controls digital debit disbursement, credit card transactions and/or customer account transactions. The NWP 105 may vend for example, candy bars, soft drinks or other products dispensable by a vending machine. Likewise, the NWP 105 may grant access to an event such as a sports event, a concert, or movie. The NWP 105 may provide access to other types of services such as a doctor's office visit. The NWP may also provide computerized peripheral services such as the supplying of a full set of desktop peripherals and/or a use of a temporary wireline connection for voice, video and/or data. Another service that the NWP 105 may supply is power service. That is, the NWP may contract to activate a power connector for use by the mobile unit 125 for immediate use and to recharge a battery in the mobile unit 125. Similarly, the NWP 105 can provide telephony services by acting as an IP-telephony gateway to provide lower cost telephony services to the mobile unit 125.

The NWP may also provide information services, such as where a user can find a specific product, service or professional in a specified locality. In such cases the NWP 105 acts as an information kiosk that supplies information and transmits it to the mobile unit. For example a user may request information from an information kiosk and the information kiosk may supply a file that includes hyperlinks to related information and directions from the mobile unit's current location to the product or service of interest. If the mobile unit supports GPS, the information kiosk may supply a Java applet that allows the mobile unit to receive position-dependent directions from a current location to the desired destination.

Or, the NWP may provide other types of services such as a video conferencing peripheral augmentation or a video viewing extension. In some cases, the NWP 105 may be configured to download purchased software or data files to a user, for example, music, video or application programs. NWP's can also be configured to process orders. Alternatively, an NWP can be set up in a restaurant to provide a digital menu and to allow the user to place an order from his smart phone. Similarly, a user in a store might make a purchase from his smart phone and the NWP could print out a receipt. In such systems the NWP may also provide a bar code reader to help the user ring up a set of products. This service would allow users to make purchases without standing in line. A human or electronic validation system would be used to ensure the user purchased items properly prior to leaving the store.

Optionally, the NWP 105 generates an invoice for services rendered (525). This invoice may be a digital invoice that is used as an intermediate data record used to charge the user for the product or service rendered. The mobile unit 125 is also optionally billed for the product or service provided by the NWP 105.

The method 500 also defines a business method. An NWP-business involves supplying one or more NWP access points as illustrated in FIG. 1. The business method also involves negotiating a price for supplying peripheral services to a mobile unit (515). The business method also involves supplying a product or service to the mobile unit (520). In specific embodiments of the business method, the product or service involves temporarily providing an augmented set of peripherals for use by the mobile unit 125. Any of the other products or services listed above can also be sold by the NWP 105, as well as other products and services not explicitly listed herein. An exhaustive enumeration of all products and services that can be sold by an NWP 105 would be excessive. The business method also involves charging for providing the product or service by the NWP 105 (525). In a specific embodiment, 525 involves providing an extended set of peripherals to the mobile unit 125.

FIG. 6 is a flowchart illustrating an embodiment of a method 600 of processing in the mobile unit 125. The mobile unit 125 provides a device-specific (e.g., smart phone) user interface to a user (605). The device specific user interface involves an operating system that supplies an interactive image or set of buttons to a user. In some embodiments the operating system provides a speech recognition based voice interface, and in still other implementations a combination of icon screen images, physical buttons, and a voice interface is used to build a hybrid type of user interface. For example, the device-specific user interface allows the user to activate application programs, place telephone calls, and interact with networked data servers such as Internet servers. In the discussion that follows, the mobile unit 125 is assumed to be a smart phone.

A WAN communication link is provided by the smart phone (610). The WAN communication link can be implemented, for example, using 2.5G, 3G or the emerging 4G mobile communication system technologies. In the future, later generation cellular or PCS systems may be similarly used. The WAN link can connect the mobile unit 125 to the public switched telephone network, the Internet, a satellite communications and/or data network, or other types of networks such as a dedicated WAN operated by a government organization or a large private enterprise.

A position-dependent ecommerce session is established with the NWP 105 (615). In some preferred embodiments, the position-dependent ecommerce session is established using a short-range wireless protocol such as IEEE 802.11, Bluetooth™, HiperLAN™, HomeRF™, or DECT™. In some embodiments, the position-dependent ecommerce session is established via the WAN connection using any of the previously discussed techniques for establishing a position-dependent ecommerce session via a WAN.

Also, a billing contract is negotiated (620). This can be done in using digital debit, a credit card transaction, or a subscriber account transaction as previously discussed. Computer security methods such as user authentication, certificates and session encryption are preferably employed to protect from various forms of fraud.

For example, in a preferred embodiment, an IPSEC-compliant VPN is set up between the NWP and the NWP management server 140, and an IPSEC-secured IEEE 802.11 or Bluetooth™ connection is established between the mobile unit 125 and the NWP 105. The mobile unit 125 sends its account information to the NWP 105 and the NWP 105 sends the account information to the NWP management server 140. In this example IPSEC digital signatures and encryption keys are used to authenticate the identity of the user and are also used for access control. In some embodiments the user may be further asked to supply a password to protect form the scenario where the mobile unit 125 is stolen and falls into the wrong hands. An override, like “remember user password” may be supplied so that the user does not have to reenter passwords for those who find this extra layer of password protection cumbersome.

Next, a peripheral configuration is modified in the mobile unit 125 (625). In a preferred embodiment the mobile unit's OS has a registry or some related type of data structure that lists the devices and/or device drivers in current use by the mobile unit 125. The registry is updated so that the local peripherals become temporarily disabled and the peripherals of the NWP 105 become enabled. In some embodiments the registry is updated so that the NWP peripherals are added but the local peripherals may remain enabled. In this type of embodiment both the original and augmented sets of peripherals are available at the same time. In such cases, the NWP peripheral set can take precedence over the local peripherals so that the ASP server 135 can deliver content customized to the NWP-expanded peripheral set. In other embodiments, the server 135 and/or the NWP management server 140 can deliver content to both the NWP-augmented peripherals and the local peripherals of the mobile unit 125.

Once reconfigured, the mobile unit 125 runs an application program using the extended peripheral set (630). The extended peripheral set includes at least some of the peripherals supplied by the NWP 105. For example, if the NWP 105 supplies a full-sized display monitor, keyboard and mouse, the user can work on a desktop application using the new peripheral set. The desktop application may reside inside of the mobile unit 125 and may represent a program such as a Microsoft Excel™ spreadsheet. Likewise, the application may run on a remote server such as the ASP server 135. In such a case, the ASP server practices a method such as the method 700 described below.

Because the OS in the mobile unit has been modified to include the extended peripheral set as supplied by the NWP 105, the application program's I/O is redirected to the extended peripheral set. If the application is local, the application is preferably sent a message from the OS to let it know that the augmented peripheral set is being used. This is necessary in many embodiments because the application program needs to customize the user interface differently for a small display. When a full sized display is in tact, the application supplies a UI customized to a full-sized display. In such embodiments, the OS preferably sends a message, interrupt or signal to the application to allow the application to alter its user interface. When the application runs remotely on the ASP server 135, a peripheral-set reconfiguration message is sent to the ASP server 135. In a preferred embodiment, the mobile unit invokes methods on one or more stub objects using overloaded method invocations so that processing with an extended set of peripherals is largely transparent to the software in the mobile unit 125.

Referring now to FIG. 7, an embodiment of a method 700 practiced by the ASP server 135 is illustrated in flow chart form. A peripheral configuration of a mobile unit 125 is identified (705). The peripheral configuration may be identified specifically, or the manufacture and model number of the mobile unit 125 may be supplied to identify the peripheral configuration. If the mobile unit initiates a session with the ASP server 135 while already connected to the NWP 105, then the initial peripheral configuration is delivered to reflect the current set of available peripherals. An ASP client-server session is next established with the mobile unit 125 (710). This session preferably is secured via IPSEC, VPN, SSL and/or other network security technologies. The ASP server 135 next sends to the mobile unit 125 content that is customized to run on the mobile unit given its present peripheral configuration (715).

Next a peripheral reconfiguration message is received at the ASP server 135 via the WAN 115 (720). This message is received when the mobile unit 125 executes the step 625 and sends a peripheral reconfiguration message. For example, if the mobile unit connects or disconnects with an NWP 105 that supplies peripheral augmentation services, a peripheral reconfiguration message will be sent to the ASP server 135.

Next the ASP server updates a variable that defines the peripheral configuration of the mobile unit 125 (725). This reconfiguration reflects the mobile unit 125's current set of peripherals. The ASP server 135 next supplies content customized for the reconfigured set of peripherals of the mobile unit 125 (730). This content is customized for a different set of peripherals than the content that was delivered at step 715.

Optionally, a customer is billed for the use of ASP services (735). The customers may represent individual users, or may involve enterprise customers. Enterprise customers may pay a subscription fee for ASP services or may pay a licensing fee for incorporating the ASP server 135 as a portal to the computer system 145. Any of the previously discussed billing strategies (digital debit, credit card transactions, . . . ) can be used with the ASP server 135, but customers preferably use a subscription account (e.g., with fixed monthly fees and/usage-dependent fees) to access the ASP server 135. In some business methods, customers received ASP services for free and revenue is collected by other means such as banner advertising or other forms of Internet advertising.

In a specific type of embodiment, ASP server 135 is configured to supply global desktop services to allow users to access a set of applications and file system directories as would be available from a home/office computer desktop UI. As discussed previously, the ASP server can be implemented as a portal to the computer system 145. The portal may be installed directly into the computer system 145 or can be supplied remotely using TCP/IP and VPN tunneling techniques.

The method 700 also defines a business method. An ASP-business involves supplying one or more ASP servers 135 as illustrated in FIG. 1. In a preferred embodiment of the business method 700 the business supplies the ASP server 135. The ASP server 135 supplies a service such as the global desktop UI as discussed above. As per step 715, the ASP server 135 provides a representation of the desktop UI customized for use with the mobile unit 125. As per the step 720, the ASP server 135 accepts a parameter representative of the existence a modified set of peripheral devices available to the mobile unit 125 due to the contracting of a set of negotiated wireless peripheral services. As per step 730, the ASP server provides a second representation of the desktop UI for use with the modified set of peripherals.

As per 735, the business method also involves maintaining a customer base of users for global desktop services and charging users monthly and/or usage dependent fees for using the global desktop services. These fees are charged to supply users with access to desktop applications to include email, spreadsheets, and/or other applications available on their home or office systems. For example a user in the field may wish to connect up with an NWP to access a full-sized desktop UI and use the global desktop service to launch a web browser. Once using the web browser, the user may wish to access his or her own personal set of bookmarks. In embodiments where the end customer is an enterprise and the ASP server 135 is a portal running on the computer system 145, the business method involves collecting a licensing fee to allow the ASP server software to supply services from the home/office computer 145.

The method 700 can be modified to provide a product or service other than a peripheral augmentation service. As previously discussed, the set of NWP devices can in general be vending machines that vend products and/or services. As discussed below in connection with in the method 900, the NWP's can also be configured as physical access control devices for vents such as movies, concerts, or sporting events. In such cases, the ASP server 135 serves as a merchant web site that vends products and/or services. The NWP devices serve as point of presence outlets for the ASP server 135 that is configured as a vending server 135. In this method, 715 is modified to send a message to instruct an NWP to provide a product or service. Steps 720, 725, and 730 are omitted and a fee is collected as per 735.

Referring now to FIG. 8, an embodiment of a method 800 for selling federated-negotiated wireless peripheral services with the assistance of associates is provided. The federated-negotiated wireless peripheral services are accessible to users of a system that provides application services to allow users to access server-side services using extended peripheral configurations and/or other products and/or services supplied by a federation of NWP's. See also the parent applications and note the methods taught therein involving associates can be augmented with the NWP's of the present invention.

The method involves enrolling associates using an on-line registration system (805). Each the associate supplies one or more NWP's into a network of NWP's. Each associate also indicates one or more services provided by the NWP device supplied by the associate. In some instances the associate may purchase an NWP device and the NWP device itself may provide an electronic indication of the peripheral services supplied by the device. In some cases the associate and/or the NWP device may simply supply a manufacturer and model number of the NWP system and the server may derive the set of services supplied by the NWP device from this information.

The method 800 also involves establishing a network session with the negotiated wireless peripheral device (810). The network session is established between the NWP management server 140 and the NWP 105. In preferred embodiments, a VPN technology is used to allow the NWP management server 140 to securely communicate with its associated NWP devices.

The method also involves receiving via the session an indication of a request by the mobile unit 125 for use of a service provided by the NWP 105 (815). As discussed previously, a position-dependent ecommerce session is established between the mobile unit 125 and the NWP 105. This session is preferably secured using authentication and encryption techniques as supplied by IPSEC and/or related VPN technologies. A billing arrangement is negotiated with the mobile unit 125 to contract with the NWP 105 (820). As discussed previously, the billing arrangement may involve digital debit, a credit card transaction, a subscriber account, or a license or contract with an enterprise.

Once the user has been authenticated and the service billing terms have been verified, the associate's NWP device supplies peripheral services to the mobile unit 125 (825). An invoice is then optionally generated for the NWP services rendered (830). The customer is then optionally billed for the NWP services (835). This may involve a usage fee, a subscription fee, or an enterprise-wide licensee, for example.

The associate who supplied the NWP is paid for providing the NWP node used in the federation of NWP nodes. The fee paid to the associate can be usage based so that the busiest NWP nodes produce the most revenues to the associate, or the associate may be paid as flat fee such as a monthly fee for supplying the NWP node.

In an alternative embodiment of the method 800, a company installs its own base of NWP access points. In this version, 805 involves installing a plurality of geographically dispersed NWP devices. The modified method 800 can be implemented along with the federated version of the method 800 at the same time. In this case a company installs a base of NWP devices but allows associates to augment the installed base so that coverage may be deployed more quickly and into markets not supported by the company's installed based of NWP systems. In the modified method 800, when a user accesses an NWP installed by the company, the step of paying the associate is omitted and the company retains the usage/subscription fee. In systems where a federation of NWP's is used to augment an installed base of NWP's, the fee is paid only for the NWP access points supplied by associates. The method 800 and the modified method 800 constitute business methods.

The method 800 can be modified in yet another way. In either of the versions of the method 800, the step 825 can be modified to provide a product or service other than a peripheral augmentation service. As previously discussed, the set of NWP devices can in general be vending machines that vend products and/or services. As discussed below in connection with in the method 900, the NWP's can also be configured as physical access control devices for vents such as movies, concerts, or sporting events.

Referring now to FIG. 9, an embodiment of a method 900 of selling tickets to events is illustrated in block diagram form. Electronic tickets are offered for sale via a merchant web site (905). The merchant web site receives via a communications network (e.g., WAN 115) an order for a set of tickets from an on-line customer (910). The on-line customer may be coupled to the WAN 115 by a standard wireline connection or via a wireless connection.

Next, the merchant web site initiates an encryption algorithm that generates a digitally signed and/or certified representation of the set of tickets (915). That is, public/private key and certificate-based encryption and/or authentication algorithms are preferably used to generate an authenticatable and non-duplicable set of tickets (in general, an encryption algorithm is applied). Such tickets are referred to herein as “encrypted tickets” because encryption-based algorithms are used to generate a set of tickets that can be protected from duplication and other forms of fraud. The tickets may be password protected and/or protected by a private key belonging to the on-line customer who purchased the tickets.

The encrypted ticket set preferably incorporates a public and/or private key associated with the on-line customer and/or makes use of a digital certificate as provided by a certificate authority. Preferably the encrypted tickets involve a digital signature that can only be generated by the on-line customer because the digital signature can only be made with knowledge of the on-line customer's private key. Likewise the tickets include a digital signature that can only be made with knowledge of a private key held by the merchant web site and/or the certificate authority. Next, the encrypted tickets are transmitted to the on-line customer via the communications network such as the WAN 115 (925).

Up to this point, the steps of the method 900 are practiced by the merchant web site. The following steps are practiced by an NWP. In the method 900, the NWP 105 acts as a ticket receiving module and physical access control device. The NWP may be deployed by an associate, the same company as the merchant web site, or by a company involved in events for which the tickets are sold.

The NWP 105 engages in a handshaking sequence with the mobile unit 125 to establish a position-dependent ecommerce session as discussed previously (925). The position-dependent ecommerce session preferably makes use of the public key and the private key associated with the on-line customer. As discussed previously, the public and private keys may be used in secure session communication, or may alternatively be used in a security association set-up phase to agree on a shared secret to be subsequently used to secure session communications using a lower cost encryption algorithm.

A security association involves an agreed upon set of security parameters (e.g., keys) that are used to support a secure channel or session between two or more network entities. A security process is hardware or software code that uses the security association along with an encryption algorithm to provide authenticated and/or encrypted transmissions. In general, the encryption algorithm may involve the application of an authentication-based encrypted hash function to provide a digital signature. In a specific case of an encryption algorithm, a cipher is applied to a message to scramble it and make it unreadable to third parties who do not have access to the parameters of the security association.

The NWP 105 receives via the position-dependent ecommerce session the encrypted tickets (930). The NWP 105 next checks the ticket's validity, and if valid, generates an acknowledgement signal indicating the encrypted tickets are acceptable (935). In one embodiment, the customer's digital signature encoded into the encrypted tickets is preferably compared to the digital signature used in the establishment of the position-dependent ecommerce session. In other embodiments, a password is used to authenticate the mobile unit 125 as the proper owner of the digital tickets. This option allows the tickets to be transferred from one person to another.

The NWP 105 next grants entrance to the event based upon the acknowledgement (940). In some instances a human guard will work with the NWP 105 to provide access control to the event. In such cases the NWP 105 provides an indication to the guard indicating the number of valid tickets received. The display also optionally notifies the guard of the seat locations so the guard can help direct the holder of the tickets to their seats. In a preferred embodiment, information in the electronic tickets can be processed to provide a set of directions to help the user find their seats. Gate numbers, aisle numbers, and seat numbers can preferably be read from the display of the mobile unit 125. In mobile units that support GPS or other location identification technologies, an application program can be executed to provide turn-by-turn directions to help the user find their seats. In other embodiments, the step 940 involves opening a physical access gate. The physical access gate allows individuals to pass through and is electronically controlled by the NWP 105.

While the method 900 has been defined for selling tickets to events and controlling access at events, the method 900 can be modified to a method of selling tokens. A token is similar to digital debit, but instead of being digital cash, a token represents a digital coupon for a specific product or service. The step 910 is modified to receive an order for a token instead of a ticket. The step 940 is modified to involve providing a product or service to the on-line customer upon the proper reception of the token. This allows a customer to order a product or service via a network connection such as the Internet. Then it allows the on-line customer to use the mobile unit 125 to pass the token to the NWP 105 via a position-dependent ecommerce session. The NWP 105 then dispenses the pre-paid product or service, or supplies an information display to a human who then provides the product or service once the NWP indicates the customer has pre-paid and has been properly authenticated.

Although the present invention has been described with reference to specific embodiments, other embodiments may occur to those skilled in the art without deviating from the intended scope. For example the NWP 105 can serve to provide peripheral augmentations to the mobile unit 125, but, as discussed above, the NWP 105 can more generally act as a wirelessly controlled vending device for products and/or services. Also, while many of the embodiments discussed herein discuss an ASP server 135, it is understood that the functions of the ASP server 135 can be implemented as a portal to the home/office computer system 145. While apparatus is generally described using block diagrams, some of these block diagrams, taken with their associated textual descriptions define methods practiced by the apparatus. Also, the ASP server can provide other products and services beside global desktop services. While the mobile unit 125 is often described as being a smart phone, it can correspond to other types of devices such as wireless data-only devices. While position-dependent ecommerce sessions are described as being between the mobile unit 125 and the NWP 105, in some embodiments, the NWP management server 140 can be involved in the session as a proxy or can otherwise act on behalf of the NWP 105 in position-dependent ecommerce sessions. In the method 900, the order of various steps can be changed. In any of the method taught and/or claims herein, the order of the steps, substeps or actions may be altered wherever such a change does not render the method inoperable. Therefore, it is to be understood that the invention herein encompasses all such embodiments that do not depart from the spirit and scope of the invention as defined in the appended claims. 

1-44. (canceled)
 45. A method of selling admissions via pre-payment, comprising: at a merchant web site: (i) offering for sale via the merchant web site a ticket for admission to a physical area; (ii) receiving via a communications network an order for the ticket from a customer; and (iii) initiating a cryptographic algorithm that results in an encryption-protected ticket and transmitting the encryption-protected ticket to the customer via the communications network; and at a customer-physical-access admission station: (iv) receiving via a short range wireless air interface protocol the encryption-protected ticket; (v) if the encryption-protected ticket is found to be valid in a testing, generating an admission-grant signal indicating to allow the customer to pass a physical customer admission point.
 46. The method of claim 45, wherein the cryptographic algorithm encodes a digital signature associated with the customer, and the digital signature is generated using a public/private key cryptography algorithm.
 47. The method of claim 46, wherein the cryptographic algorithm also encodes into the encryption-protected ticket a digital signature component that is associated with a key from a certificate authority.
 48. The method of claim 45, wherein the short range wireless air interface protocol involves at an upper layer a position-dependent ecommerce session which involves an agreed upon billing arrangement that is agreed upon in advance during the offering for sale and the receiving the order.
 49. The method of claim 48, further comprising: the customer-physical-access admission station interacting via the computer network with a remote vending management server which provides support in establishing the position-dependent ecommerce session and in performing the testing.
 50. The method of claim 45, wherein the customer-physical-access admission station performs at least a portion of the testing.
 51. The method of claim 45, wherein the testing involves executing a second cryptographic authentication algorithm that verifies a user identity and decodes and reads a coded data segment.
 52. The method of claim 45, wherein the communication network comprises a member of the group consisting of: a wWAN network that offers wireless access to user wireless devices; a wLAN network that offers wireless access to user wireless devices; a path through a portion of a cellular communications network that offers Internet access to user wireless devices; and a path through a portion of the Internet.
 53. The method of claim 45, wherein the customer-physical-access admission station comprises a physical access gate that is automatically opened in response to the admission-grant signal.
 54. The method of claim 45, wherein the customer-physical-access admission station comprises a physical access gate that is controlled by a physical access control employee, and the method further comprises: generating, in response to the admission-grant signal a user interface indication that signals to the employee to admit the customer into the physical area.
 55. The method of claim 45, wherein the customer-physical-access admission station comprises a physical access gate that is controlled by a physical access control employee, and the method further comprises: generating, in response to the admission-grant signal a user interface indication that signals to the employee an indication of a number of how many valid admissions were received.
 56. The method of claim 45, wherein the physical area is an area where an event will occur to which the customer seeks access.
 57. The method of claim 56, wherein the physical area includes a set of seats of which the customer is assigned a particular seat.
 58. The method of claim 57, the method further comprising: transmitting via the short range wireless air interface protocol to a user wireless device associated with the customer an indication of a set of directions to help the customer physically navigate to the particular seat.
 59. The method of claim 57, the method further comprising: wirelessly transmitting to the user wireless device associated with the customer an indication of a set of directions to help the customer physically navigate to the particular seat.
 60. The method of claim 59, the method further comprising: wirelessly transmitting to the user wireless device associated with the customer an update to the set of directions to help the customer physically navigate as the customer advances toward the particular seat.
 61. The method of claim 45, physical area is an area where an event will occur, and the event is a member of the group consisting of a sporting event, a concert, and a movie.
 62. The method of claim 45, wherein the physical area is an area where a service to be provided to the customer is initiated.
 63. A method of selling products via pre-payment, comprising: at a merchant web site: (i) offering for sale via the merchant web site a product token for use in purchasing one or more corresponding products from one or more vending machines which each employ a short range wireless air interface protocol for establishing position dependent ecommerce sessions; (ii) receiving via a communications network an order for the product token from a customer; and (iii) initiating a cryptographic algorithm that results in an encryption-protected product token and transmitting the encryption-protected product token to the customer via the communications network; and at a particular vending machine: (iv) receiving via the short range wireless air interface protocol the encryption-protected product token; (v) if the encryption-protected product token is found to be valid in a testing, generating a product-grant signal indicating to provide the product to the customer.
 64. The method of claim 63, wherein the cryptographic algorithm encodes a digital signature associated with the customer, and the digital signature is generated using a public/private key cryptography algorithm.
 65. The method of claim 64, wherein the cryptographic algorithm also encodes into the encryption-protected product token a digital signature component that is associated with a key from a certificate authority.
 66. The method of claim 63, wherein the short range wireless air interface protocol involves at an upper layer a position-dependent ecommerce session which involves an agreed upon billing arrangement that is agreed upon in advance during the offering for sale and the receiving the order.
 67. The method of claim 66, further comprising: the particular vending machine interacting via the computer network with a remote vending management server which provides support in establishing the position-dependent ecommerce session and in performing the testing.
 68. The method of claim 63, wherein the vending machine performs at least a portion of the testing.
 69. The method of claim 63, wherein the testing involves executing a second cryptographic algorithm that verifies a user identity and decodes and reads a coded data segment.
 70. The method of claim 63, wherein the communication network includes a member of the group consisting of: a wWAN network that offers wireless access to user wireless devices; a wLAN network that offers wireless access to user wireless devices; a path through a portion of a cellular communications network that offers Internet access to user wireless devices; and a path through a portion of the Internet.
 71. The method of claim 63, wherein the particular vending machine comprises a user interface for use by an employee and the method further comprises: generating, in response to the product-grant signal a user interface indication that signals to the employee an indication to provide the product to the customer.
 72. The method of claim 63, wherein the product is a member of the group consisting of a digital music content, a digital video content, a software program and a data file.
 73. The method of claim 63, wherein the product is a member of the group consisting of a candy bar, a snack, and a soft drink.
 74. The method of claim 63, wherein the encryption-protected product token is operative to allow the customer to obtain a plurality of the corresponding product.
 75. A method of selling services via pre-payment, comprising: at a merchant web site: (i) offering for sale via the merchant web site a service token for use in purchasing one or more corresponding services; (ii) receiving via a communications network an order for the service token from a customer; and (iii) initiating a cryptographic algorithm that results in an encryption-protected service token and transmitting the encryption-protected service token to the customer via the communications network; and at a particular service access point: (iv) receiving via a short range wireless air interface protocol the encryption-protected service token; (v) if the encryption-protected service token is found to be valid in a testing, generating a service-grant signal indicating to provide the service to the customer.
 76. The method of claim 75, wherein the cryptographic algorithm encodes a digital signature associated with the customer, and the digital signature is generated using a public/private key cryptography algorithm.
 77. The method of claim 76, wherein the cryptographic algorithm also encodes into the encryption-protected service token a digital signature component that is associated with a key from a certificate authority.
 78. The method of claim 75, wherein the short range wireless air interface protocol involves at an upper layer a position-dependent ecommerce session which involves an agreed upon billing arrangement that is agreed upon in advance during the offering for sale and the receiving the order.
 79. The method of claim 78, further comprising: the particular service access point interacting via the computer network with a remote vending management server which provides support in establishing the position-dependent ecommerce session and in the performing the testing
 80. The method of claim 75, wherein the particular service access point performs at least a portion of the testing.
 81. The method of claim 75, wherein the testing involves executing a second cryptographic authentication algorithm that verifies a user identity and decodes and reads a coded data segment.
 82. The method of claim 75, wherein the communication network comprises a member of the group consisting of: a wWAN network that offers wireless access to user wireless devices; a wLAN network that offers wireless access to user wireless devices; a path through a portion of a cellular communications network that offers Internet access to user wireless devices; and a path through a portion of the Internet.
 83. The method of claim 75, wherein the particular service access point comprises a physical access gate that is automatically opened in response to the service-grant signal.
 84. The method of claim 75, wherein the particular service access point comprises a physical access gate that is controlled by a physical access control employee, and the method further comprises: generating, in response to the service-grant signal a user interface indication that signals to the employee an indication the customer has been cleared to receive the service.
 85. The method of claim 75, wherein the service comprises a visit with a doctor.
 86. The method of claim 75, wherein the service comprises a server-based digital service, and the particular service access point is a wireless access point that is coupled via the computer network to a remote computer server that provides at least a portion of the server-based digital service remotely. 